[jira] [Commented] (ZOOKEEPER-4751) Update snappy-java to 1.1.10.5 to address CVE-2023-43642

Lari Hotari (Jira) Mon, 02 Oct 2023 00:29:04 -0700


    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17770998#comment-17770998
 ]


Lari Hotari commented on ZOOKEEPER-4751:
----------------------------------------

snappy-java release notes: https://github.com/xerial/snappy-java/releases

Another detail is that until snappy-java 1.1.10.4, snappy-java was mistakenly 
using snappy native library version 1.1.8 . 

> Update snappy-java to 1.1.10.5 to address CVE-2023-43642
> --------------------------------------------------------
>
>                 Key: ZOOKEEPER-4751
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4751
>             Project: ZooKeeper
>          Issue Type: Task
>            Reporter: Lari Hotari
>            Priority: Minor
>              Labels: pull-request-available
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> snappy-java 1.1.10.1 contains CVE-2023-43642 . Upgrade the dependency to 
> 1.1.10.5 to get rid of the CVE.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (ZOOKEEPER-4751) Update snappy-java to 1.1.10.5 to address CVE-2023-43642

Reply via email to